Vulnerabilities > Misp > Misp > 2.4.191

DATE | CVE | VULNERABILITY TITLE | RISK

2024-09-15 | CVE-2024-46918 | Incorrect Authorization vulnerability in Misp | 4.9
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
network | low complexity | misp | CWE-863

2024-09-01 | CVE-2024-45509 | Incorrect Authorization vulnerability in Misp | 6.5
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
network | low complexity | misp | CWE-863